cargo-deny icon indicating copy to clipboard operation
cargo-deny copied to clipboard
verified publisher icon EmbarkStudios

Bug: `skip-tree` skips more crates than expected

Open Firestar99 opened this issue 4 months ago • 0 comments

Describe the bug

I would like cargo-deny to ignore our example crates and just complain about the public crates we release on crates.io. I tried listing all example crates in skip-tree, but this resulted in it not detecting duplicate dependencies correctly. Specifically, it seems to not just skip the crates in skip-tree in the crate tree traversal, but mark all crates downstream from skip-tree as skipped, see example below.

To reproduce

Let's say I have the following crate configuration:

B -> A@1
C -> A@2
EX -> A@1

skip-tree = ["EX"]

Then cargo deny check reports that everything is ok. However, I expected it to complain about this workspace using two different versions of crate A, A@1 through B and A@2 through C. But by declaring skip-tree = ["EX"], it seems to not just skip crate EX in the crate tree traversal, but mark all crates downstream from EX as skipped, including A@1.

cargo-deny version

cargo-deny 0.18.3

What OS were you running cargo-deny on?

Linux

Additional context

No response

Firestar99 avatar Jul 28 '25 10:07 Firestar99